The Health Telematics Act 2012(1) provides for electronic health records (ELGA), which contain all health-relevant information on patients. Healthcare providers such as physicians, dentists, pharmacists and hospitals can access ELGA. However, patients can object to participate in ELGA and limit access to their health data. ELGA remains in its implementation stage.
Notwithstanding ELGA's ongoing implementation, Austria's immunisation regulators still consider paper-based immunisation cards to be an essential instrument for documentation purposes; however, such records are often incomplete or inaccurate, as a new immunisation card is issued if (for example) a vaccinated person does not have the card to hand. Thus, a person's complete vaccination history could become spread across several documents.
Moreover, vaccinations are administered by different healthcare providers, which further complicates access to complete vaccination histories. Moreover, handwritten records are frequently illegible. Immunisation card evaluations are thus not only difficult for healthcare providers to undertake, but also deny public health authorities the necessary statistical data for steering purposes.
On 6 December 2019 the Ministry of Health provided Parliament with a draft amendment(2) to the Health Telematics Act for public consultation. The proposal aims to remedy the abovementioned challenges through the introduction of electronic immunisation cards and a central register of vaccinations.
Public vaccinations
The Ministry of Health aims to replace paper-based vaccination records with digital records that list complete vaccination histories. Moreover, facilitating access to personal health data would strengthen personal responsibility and promote prevention. Access to a digital health database would allow public vaccination programmes to target specific groups and streamline vaccine procurement.
Digital records
Under the new model, vaccination coverage rates would be identified based on complete data collections, which would aid the implementation of measures to prevent the spread of diseases that can be fought by vaccination. In the event of an actual or suspected outbreak of a contagious disease such as measles, access to digital records would allow healthcare professionals to inform persons close to patients and make targeted post-expositional actions to contain the disease.
ELGA optimisation
The Ministry for Health proposes to optimise ELGA and develop its central infrastructure to accommodate eHealth applications. High quality metadata is essential for ensuring the effectiveness of and reliable access to ELGA documents.
The Ministry of Health will implement its objectives by providing the legal basis for eHealth applications in the form of electronic immunisation cards, which will supplement and use certain components of ELGA. The main feature of the new system is a central register of vaccinations, which will document a person's complete vaccination history. The data stored in the central vaccination register will be deleted 10 years after the cardholder's death or 120 years from their birth, whichever is earlier. To establish personal immunisation schedules that remind users of upcoming recommended vaccinations, the Ministry of Health's existing vaccination plan will be recorded in the register. ELGA and the electronic immunisation card will use the same digital infrastructure. However, unlike the voluntary ELGA system, electronic immunisation cards will be mandatory.
Article 9(1) of the EU General Data Protection Regulation (GDPR) permits the processing of personal health data if it is provided for under EU or EU member state law and is a matter of considerable public interest, subject to appropriate guarantees for protecting personal data and other civil rights.
The Ministry of Health considers the use of electronic immunisation cards and ELGA to be matters of considerable public interest under Article 9(2)(g)-(j) of the GDPR. However, ELGA's use is limited to registered ELGA healthcare providers, particularly hospitals and physicians, and excludes public healthcare.
The purpose of electronic immunisation cards is to allow public healthcare professionals to perform legal tasks more effectively and efficiently. However, whereas patients may opt out of participating in ELGA, their vaccination data must be registered in the central vaccination register. Optional registration would make it impossible to realise the objectives of the electronic immunisation card system. Achieving said objectives in line with Recital 53 of the GDPR therefore demands that electronic immunisation cards be implemented without objection.
Austria currently has vaccinations against 22 disease agents, of which only four cannot be transferred from person to person. Since these diseases are also severe, there is no reason to distinguish between vaccinations against diseases transferrable by humans and other diseases. Further, as vaccination data may be used for limited purposes only, the electronic immunisation card is an appropriate and specific measure to defend data subjects' rights and freedoms.
Although the Ministry of Health's draft amendment for implementing electronic immunisation cards and a central register of vaccinations is welcome news from a public health standpoint, the proposal raises the following privacy issues:
- Is personal data necessary to achieve Austria's public health objectives?
- Is a complete and mandatory capture of all patient data regarding vaccinations necessary or is a different approach for different groups of vaccinations (eg, for transferrable diseases and others that only minimise a risk for patients) more appropriate?
- How will the data of persons not participating in ELGA (or having opted out of ELGA) be processed in the electronic immunisation card system?
Endnotes
(1) Gesundheitstelematikgesetz 2012 (BGBl I Nr 111/2012 as amended).
